589583 A7 _____B7 ___ 五、發明說明(/ ) 【發明所屬之技術領域】 本發明係有關可攜式資訊記憶媒體及其認証方法’特 別係有關認証方法(當對應1C卡,從外部裝置進行存取時 ,用來認証該1C卡爲正確者)及1C卡(適合進行上述認証 方法)。 【習知技術】 1C卡所代表之可攜式資訊記憶媒體係隨著1C晶片之 小型化技術而急速普及,普及到一般之個人用戶1人1張 ,已經是遲早的問題。因此,1C卡等可攜式資訊記憶媒體 越被利用來作爲社會生活重要之工具,安全之確保越成爲 重要之課題了。爲了對1C卡進行存取,係利用讀寫裝置, 電腦系統係透過這種讀寫裝置,進行1C卡之內部與數據之 交換。因此,通常,只要把1C卡插入到讀寫裝置,就能進 行相互認証對方之處理。 從讀寫裝置側來看1C卡,用來確認該1C卡是否爲正 確者之認証,通常,係藉由與認証命令同時,從讀寫裝置 ,提供任意之認証用數據(利用亂數)給1C卡,檢證對應認 証用數據之正確的響應是否返回之方法,來進行。更具體 而言,係利用公鑰密碼方式,在正規的1C卡中,其內部事 先儲存密鑰α ’對應從讀取裝置側所提供之認証用數據(任 意之亂數),在1C卡內部,利用該密鑰α,進行密碼化處 理,將密碼數據(藉由該密碼化處理所得到)當作響應返回 讀寫裝置’在讀寫裝置側,對應當作響應而返回之密碼數 據,使用對應密鑰α之公鑰3 ,進行解碼處理,藉由該解 4 本紙張尺度適用中國國家標準(CNS)A4 ϋΓΓ2ΐΟ X 297公爱)-- --- (請先閱讀背面之注意事項再填寫本頁) -------7丨訂;--------線 589583 B7 五、發明說明(Y) 碼處理所得到之數據,係根據與原來之認証用數據是否一 致,對應1C卡進trs忍証。 因儲存在1C卡內之密鑰α,通常係無論採用哪種方法 ,從外部都不能讀出之構造,故要僞造具有正確密鑰^之 iC卡非常困難。因此,採用上述之方法,將密碼數據當作 響應來返回,將返回之響應進行解碼,藉此所得到之數據 若與原來之認証用數據一致的話,就能得到該1C卡爲正規 者之認証。 【發明所要解決之課題】 如以上所述,儲存在1C卡內之密鑰α,在邏輯上’係 無論採用哪種方法,從外部都不能讀出之構造。但是’實 際上,有藉由解析1C卡動作中之各種物理現象(例如,消 耗電流),從外部能檢知儲存在1C卡內之密鑰α之方法。 例如,稱爲 DPA(Differential Power Analysis)之手法,其係 根據統計來解析1C卡消耗電力之波形,藉此來推測密鑰α 之內容之原理。具體而言,係在1C卡之電力供應用端子等 ,連接測定系統(用來測定1C卡內部之消耗電流)之狀態下 ,從讀寫裝置側,反覆傳送既定之認証用數據,然後,在 1C卡內部,使用密鑰α,進行密碼化運算,解析此時之消 耗電力波形,藉此用統計之手法,掌握密鑰α之內容。 因此,本發明之目的係提供可攜式資訊記憶媒體之認 証方法,其係即使對應上述之不正當解析手法,也能確保 充分之安全。 【用以解決課題之手段】 5 ;纸張尺度賴+闕家群(CNS)A4規格(21Gx297公爱) --- (請先閱讀背面之注意事項再填寫本頁) -------7 — 訂 d--------線 589583 A7 ______B7_ 五、發明說明(> ) (1)本發明之第1形態係一種可攜式資訊記憶媒體及其 認証方法,當從外部裝置,對應可攜式資訊記憶媒體進行 存取時,確認該可攜式資訊記憶媒體爲正確者之認証方法 ,其包含: 運算定義階段,其係規定第1鑰α及第2鑰/9、以及 密碼化運算及解碼運算,以使對應任意之認証用數據R, 使用第1鑰α,進行密碼化運算,藉此能得到密碼數據C ,且對應該密碼數據C,使用第2鑰/3,進行解碼運算, 藉此能得與原來認証用數據R相同之數據; 媒體準備階段,其係在可攜式資訊記億媒體內,記憶 上述第1鑰α,並且,在該可攜式資訊記憶媒體內,準備 進行密碼化運算之處理功能; 亂數傳送階段’其係在外部裝置中,使產生亂數,把 該亂數當作認証用數據R ’傳送給可攜式資訊記憶媒體; 認証用數據記憶階段,其係接收認証用數據R之傳送 ,將該認証用數據R記憶在可攜式資訊記憶媒體內之既定 記憶場所; 判定階段’其係在可攜式資訊記憶媒體內,確認新傳 送來之認証用數據R是否與目前所記載之認証用數據R 一 致,當兩者不一致時,進行密碼化許可之判定; 密碼化階段,其係在上述判斷階段,進行密碼化許可 之判定時’在可攜式資訊記憶媒體內,對應傳送來之認証 用數據R ’使用所記憶之第1繪α,進行密碼化運算,將 其結果所得到之密碼數據C返回給外部裝置; 6 本纸張尺度適用中國國家標準(CNS)A4規格(210 X 297公^ -- (請先閱讀背面之注意事項再填寫本頁)589583 A7 _____B7 ___ 5. Description of the invention (/) [Technical field to which the invention belongs] The present invention relates to a portable information storage medium and its authentication method ', particularly to an authentication method (when corresponding to a 1C card, access from an external device) When used to authenticate the 1C card as the correct one) and 1C card (suitable for performing the above authentication method). [Knowledge technology] The portable information storage media represented by the 1C card is rapidly spreading with the miniaturization technology of the 1C chip. It has become a problem sooner or later for general individual users. Therefore, the more portable information storage media such as 1C cards are used as important tools in social life, the more important it is to ensure safety. In order to access the 1C card, a read-write device is used. The computer system uses this read-write device to exchange the internal and data of the 1C card. Therefore, in general, as long as the 1C card is inserted into the read / write device, mutual authentication can be performed. Looking at the 1C card from the read / write device side, it is used to confirm whether the 1C card is the correct one. Generally, it is to provide arbitrary authentication data (using random numbers) from the read / write device at the same time as the authentication command. The 1C card is used to verify whether the correct response corresponding to the authentication data is returned. More specifically, the public key cryptography method is used. In a regular 1C card, the key α 'is stored in advance corresponding to the authentication data (arbitrary random number) provided from the reading device, and is stored in the 1C card. , Use the key α to perform cryptographic processing, and return the cryptographic data (obtained through the cryptographic processing) as a response to the read-write device. On the read-write device side, corresponding to the cryptographic data returned as a response, use Correspond to the public key 3 of the key α, decode it, and use the solution 4 The paper size is applicable to China National Standard (CNS) A4 ϋΓΓ2ΐΟ X 297 public love)---- (Please read the notes on the back before filling (This page) ------- 7 丨 Order; -------- line 588953 B7 V. The data obtained from the (Y) code processing of the invention is based on whether it is consistent with the original authentication data. Correspondence to 1C card into trs. Because the key α stored in the 1C card is usually a structure that cannot be read from the outside, no matter which method is used, it is very difficult to forge an iC card with the correct key ^. Therefore, by using the above method, the password data is returned as a response, and the returned response is decoded. If the obtained data is consistent with the original authentication data, the 1C card can be authenticated as a regular person. . [Problem to be Solved by the Invention] As described above, the key α stored in the 1C card is logically a structure that cannot be read from the outside regardless of the method adopted. However, 'actually, there are methods of analyzing the physical phenomena (for example, current consumption) in the operation of the 1C card, and detecting the key α stored in the 1C card from the outside. For example, a technique called DPA (Differential Power Analysis) is to analyze the waveform of the power consumed by the 1C card according to statistics, and to estimate the principle of the content of the key α. Specifically, in a state where the power supply terminal of the 1C card is connected to a measurement system (for measuring the current consumption inside the 1C card), the predetermined authentication data is repeatedly transmitted from the reading and writing device side, and then, Inside the 1C card, the key α is used to perform cryptographic operations to analyze the power consumption waveform at this time, so as to grasp the content of the key α by means of statistics. Therefore, an object of the present invention is to provide a method for authenticating a portable information storage medium, which can ensure sufficient security even in response to the above-mentioned improper analysis method. [Means to solve the problem] 5; Paper size depends on + Jiajiaqun (CNS) A4 specification (21Gx297 public love) --- (Please read the precautions on the back before filling this page) ------- 7 — Order d -------- line 558983 A7 ______B7_ V. Description of the invention (>) (1) The first form of the present invention is a portable information storage medium and its authentication method. When it is from an external device, When accessing the portable information storage medium, confirm that the portable information storage medium is the correct authentication method, including: the operation definition phase, which specifies the first key α and the second key / 9, and the password The encryption operation and the decoding operation are performed so as to correspond to arbitrary authentication data R using the first key α to perform a cryptographic operation, thereby obtaining the cryptographic data C, and corresponding to the cryptographic data C, using the second key / 3. The decoding operation can obtain the same data as the original authentication data R. In the media preparation stage, it is stored in the portable information storage medium, and the first key α is stored, and in the portable information storage medium, Processing functions for cryptographic operations are prepared; 'It is an external device that generates a random number and uses the random number as authentication data R' and transmits it to a portable information storage medium; The authentication data storage phase is to receive the transmission of authentication data R and transfer The authentication data R is stored in a predetermined storage place in the portable information storage medium; in the determination phase, it is in the portable information storage medium, and it is confirmed whether the newly transmitted authentication data R is in accordance with the currently recorded authentication data. The data R is the same. When the two are inconsistent, the determination of the encryption permission is performed. The encryption phase is at the above-mentioned determination phase. When the determination of the encryption permission is performed, the corresponding authentication is transmitted in the portable information storage medium. Use the data R 'to use the first memorized α, perform cryptographic operations, and return the cryptographic data C obtained from the result to an external device; 6 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 Public ^-(Please read the notes on the back before filling this page)
-------;—訂,*--------線U 589583 A7 _ B7_ 五、發明說明(心) (請先閱讀背面之注意事項再填寫本頁) 解碼階段,其係在外部裝置中,對應從可攜式資訊記 憶媒體所返回之密碼數據C,使用第2鑰/5,進行解碼運 算;以及 認証階段,其係上述解碼運算結果,當得到與認証用 數據R(在上述亂數傳送階段所傳送)相同之數據時,確認可 攜式資訊記憶媒體爲正確者。 (2) 本發明之第2形態係如上述第1形態之可攜式資訊 記憶媒體之認証方法,其中, 其係針對藉由亂數傳送階段所傳送之認証用數據R, 在認証用數據記憶階段之前,進行判定階段,在這種判段 階段中,僅在得到密碼化許可之判定結果之情況,進行認 証用數據記憶階段者。 (3) 本發明之第3形態係如上述第1或第2形態之可攜 式資訊記憶媒體之認証方法,其中, 其係在可攜式資訊記憶媒體內,設有複數η個記憶場 所(可記憶認証用數據R),在認証用數據記憶階段,只記憶 最近η次份之認証用數據R者。 (4) 本發明之第4形態係一種可攜式資訊記憶媒體,其 具有,當從外部裝置,與認証命令同時傳送認証用數據R 時,對應該認証用數據R,進行既定之密碼化運算,將其 結果所得到之密碼數據C當作響應,返回到外部裝置之功 能,其特徵在於,包含: 命令接收部,其係接收從上述外部裝置所傳送之命令 y 7 本纸張尺度適用由國國家標準(CNS)A4規格(210 X 297公釐) 589583 A7 ________B7 —_ 五、發明說明(f) 認証用數據記憶部,其係用來記憶認証用數據R; 密鑰記憶部,其係用來記憶密鑰利用在密碼化運算 ); 不一致確認部,其係當上述命令接收部與認証同時接 收認証用數據R時,確認認証用數據R(記憶在認証用數據 記憶部內)和新接收之認証用數據R爲不一致; 認証用數據寫入部,其係上述命令接收部,將所接收 之認証用數據R寫入到認証用數據記丨思’ 密碼化運算部,其係在不一致確認部中’將確認不一 致當作條件,使用密鑰α (記憶在密鑰記憶部內)’對應新 接收之認証用數據R,進行密碼化運算,得到密碼數據C :以及 響應傳送部,其係把響應(包含密碼數據c)傳送給外 部裝置。 (5) 本發明之第5形態係如上述第4形態之可攜式資訊 記憶媒體,其中, 針對新接收之認証用數據R,在不一致確認部中,將 確認不一致當作條件,進行認証用數據R(認証用數據寫入 部之新接收)之寫入者。 (6) 本發明之第6形態係如上述第4或第5形態之可攜 式資訊記憶媒體,其中, 在認証用數據記憶部中,設有複數η個之記憶場所’ 以使能記憶複數η種之認証用數據R, 認証用數據寫入部,係在各記憶場所’進行依序寫入 8 _ 各纸張尺度適用中國0家標準(CNS)A4規格(210 X 297公釐) (請先閱讀背面之注意事項再填寫本頁)-------;-Order, * -------- line U 589583 A7 _ B7_ V. Description of the invention (heart) (Please read the precautions on the back before filling this page) The decoding stage, which In the external device, corresponding to the cryptographic data C returned from the portable information storage medium, the second key / 5 is used to perform the decoding operation; and the authentication phase, which is the result of the above-mentioned decoding operation, when the data R for authentication is obtained (Transmitted in the above-mentioned random number transmission stage), when the same data, confirm that the portable information storage medium is correct. (2) The second aspect of the present invention is the authentication method of the portable information storage medium as described in the first aspect above, wherein it is for the authentication data R transmitted in the random number transmission stage, and the authentication data is stored in the authentication data R. Before the stage, a judgment stage is performed. In this stage of judgment, the authentication data storage stage is performed only when the judgment result of the encryption permission is obtained. (3) The third aspect of the present invention is a method for authenticating a portable information storage medium as described in the first or second aspect, wherein it is provided in the portable information storage medium with a plurality of n memory locations ( The authentication data R) can be memorized. In the authentication data memorization stage, only the latest η authentication data R is memorized. (4) The fourth aspect of the present invention is a portable information storage medium having a predetermined encryption operation corresponding to the authentication data R when the authentication data R is transmitted from the external device simultaneously with the authentication command. The function of returning the password data C obtained from the result to an external device as a response is characterized in that it includes: a command receiving section that receives a command transmitted from the external device y 7 National Standard (CNS) A4 specification (210 X 297 mm) 589583 A7 ________B7 —_ 5. Description of the invention (f) Authentication data storage unit, which is used to store authentication data R; Key storage unit, which is It is used to memorize the key for use in cryptographic operations.) The inconsistency confirmation unit confirms the authentication data R (stored in the authentication data storage unit) and the new reception when the command receiving unit receives the authentication data R simultaneously with the authentication. The authentication data R is inconsistent; the authentication data writing unit is the above-mentioned command receiving unit, and writes the received authentication data R to the authentication data record. The calculation unit is configured to use the key α (stored in the key storage unit) as a condition for the inconsistency confirmation unit to perform cryptographic operations on the newly received authentication data R to obtain the cipher data C: And a response transmitting unit that transmits a response (including the password data c) to an external device. (5) The fifth aspect of the present invention is the portable information storage medium according to the above-mentioned fourth aspect, wherein, for the newly received authentication data R, the inconsistency confirmation section uses the inconsistency confirmation as a condition for authentication Writer of data R (new reception by authentication data writing unit). (6) The sixth aspect of the present invention is the portable information storage medium as described in the fourth or fifth aspect above, wherein the authentication data storage unit is provided with a plurality of n storage places' to enable the storage of plural numbers η types of authentication data R, authentication data writing unit, are sequentially written in each memory location 8 _ Each paper size applies the Chinese Standard 0 (CNS) A4 (210 X 297 mm) ( (Please read the notes on the back before filling out this page)
589583 A7 B7 五、發明說明( 認証用數據R(成爲寫入對象)之處理,當複數η個記憶場所 業已全部寫入完成之情況,對應最舊之認証用數據r被寫 入之記憶場所,進行霆寫處理者。 【發明之實施形態】 以下’根據圖示之實施形態,將本發明加以說明。首 先,一面參照第1圖之方塊圖,一面說明在習知之一般可 攜式資訊記憶媒體(具體而言,係指1C卡)中所進行之認証 方法之基本原理。這種認証方法係利用公鑰密碼方式(利用 由密鑰和公鑰所構成之雙鑰)之認証方法。 第1圖係表示將可攜式資訊記憶媒體(1(:卡)1〇〇插入 到外部裝置(讀寫裝置)20〇中,在電氣連接兩者之狀態下, 從讀寫裝置200側,認証IC卡1〇0側的步驟之方塊圖。在 圖示之例中,在1C卡1〇〇內,事先儲存第1鑰α (密鑰), 並在讀寫裝置200內,事先儲存第2鑰β (公鑰)。此處, 桌1鑰α,例如,在該ic卡1 qq之擁有者,係固定之繪, 成爲一般所不知之密鑰。相對的,第2鑰^係同樣地,對 該擁有者係固有之鑰,但〜般成爲公鑰。因此,第2鑰召 即使不事先常儲存在讀寫裝置2〇〇內,也能每次從其他場 所(例如,主電腦等)讀入到讀寫裝置200內。又,在IC卡 100內,具有利用第1鑰α,對應任意之數據進行密碼化 處理之功能,在讀寫裝置2〇〇中,具有利用第2鑰/5,對 應任意之密碼數據進行解碼處理之功能。 又’在讀寫裝置200中,具有產生亂數之功能,在讀 寫裝置200所產生之亂數,係當作認証用數據R,與認証 — 9 ^紙張尺度適用由國园家標準(CNS)A4規格(21^^97 ^"7 (請先閱讀背面之注意事項再填寫本頁)589583 A7 B7 V. Description of the Invention (The processing of authentication data R (being the object of writing), when a plurality of n memory locations have been completely written, corresponds to the memory location where the oldest authentication data r is written, Those who perform the writing process. [Embodiments of the invention] The following describes the present invention based on the illustrated embodiments. First, referring to the block diagram of FIG. 1, the conventional portable information storage medium will be described. (Specifically, it refers to the 1C card) The basic principle of the authentication method carried out. This authentication method is an authentication method using a public key cryptography method (using a double key composed of a key and a public key). Part 1 The figure shows that a portable information storage medium (1 (: card) 100 is inserted into an external device (reading and writing device) 200, and the IC is authenticated from the reading and writing device 200 side while the two are electrically connected. Block diagram of the steps on the card 100 side. In the example shown in the figure, the first key α (key) is stored in advance in the 1C card 100, and the second key is stored in advance in the read / write device 200. β (public key). Here, the table 1 key α, for example, The owner of the ic card 1 qq is a fixed picture and becomes a generally unknown key. In contrast, the second key ^ is the same as the key unique to the owner, but it becomes the public key. Therefore, Even if the second key is not stored in the reading / writing device 2000 in advance, it can be read into the reading / writing device 200 from other places (for example, the host computer) every time. In the IC card 100, It has the function of using the first key α to perform cryptographic processing on arbitrary data, and the reading and writing device 2000 has the function of using the second key / 5 to perform decoding processing on arbitrary cryptographic data. The writing device 200 has a function of generating random numbers. The random numbers generated in the reading and writing device 200 are used as authentication data R and authentication— 9 ^ The paper size is applicable to the National Garden Standard (CNS) A4 specification ( 21 ^^ 97 ^ " 7 (Please read the notes on the back before filling this page)
· ^1 ϋ I n —ϋ ϋ I 一OJϋ II ϋ I n I I I n n I n ϋ n n I 589583 A7 B7 五、發明說明(7) 命令同時傳送給1C卡100側。在1C卡100側,對應這種 傳送來之認証用數據R,使用第1鑰α,進行密碼化運算 ,藉此能產生密碼數據C。密碼數據C係在使用第1鑰α 之前提下,根據認証用數據R,用一個定義所求出之數據 。1C卡100係將所求出之密碼數據C,當作對應認証命令 之響應,返回到讀寫裝置200。在讀寫裝置200側,係對 應這種傳送來的密碼數據C,使用第2鑰/3,進行解碼運 算。然後,藉由這種解碼運算所得到之數據,若與原來之 認証用數據R —致的話,則將1C卡100當作正確者來進行 s忍証0 當然,爲了能進行這種認証方法,必須事先將第1鑰 α及第2鑰/3、以及密碼化運算及解碼運算,規定爲特定 者。即,必須事先規定第1鑰α及第2鑰/3、以及密碼化 運算及解碼運算,以使對應任意之認証用數據R,使用第 1鑰α,進行密碼化運算,藉此能得到密碼數據C,且對 應該密碼數據C,使用第2鑰/3,進行解碼運算,藉此能 得到與上述認証用數據R相同之數據。換言之,所謂第1 鑰α及第2鑰/3係必須形成相當於公鑰密碼方式之密鑰和 公鑰之雙鑰關係,在1C卡100側所進行之密碼化運算及讀 寫裝置200側所進行之解碼運算,必須成爲該公鑰密碼方 式之密碼化運算及解碼運算。 就讀寫裝置200側所產生之認証用數據R而言,因使 用亂數,故提供給1C卡100側之認証用數據R之內容每次 不同。因此,從1C卡100側,當作響應而返回之密碼數據 10 本纸張尺度適用由國國家標準(CNS)A4規格(210 X 297公餐) ' " ' (請先閱讀背面之注意事項再填寫本頁) ·_·!——^丨丨訂--------線丨康 589583 A7 ______B7___ 五、發明說明((^) c之內容也每次不同。但是,1c卡ι〇0側使用正確的密鑰 α,來進行正確的密碼化運算之範圍’若在讀寫裝置200 側,使用正確的公鑰/5,來進行正確的解碼運算的話,被 解碼之數據係與原來之認証用數據R 一致。因此,原來之 認証用數據R,無論是哪種値’也能對應1C卡100進行認 証。而且,儲存在1C卡100內之密鑰α,在邏輯上,不能 從1C卡之外部被讀出’故看起來能確保充分之安全。 但是,實際上,如以上所述,若利用統計來解析1C卡 之消耗電流之手法的話’則從外部能察知1C卡100內之密 鑰α之內容。例如,若反覆數次’把構成「Π111111」之 認証用數據R提供給1C卡100 ’用電氣性的測定法,反覆 觀測此時之1C卡100內部之消耗電力波形的話’則在統計 上能得到某些的圖案。同樣的’若反覆數次’把構成「 00000000」之認証用數據R提供給1C卡100,用電氣性的 測定法,反覆觀測此時之1C卡100內部之消耗電力波形的 話,則在統計上仍能得到某些的圖案。解析這些圖案’藉 此能用統計來類推儲存在1C卡內部之密鑰α之內容。 本發明之特徵係在爲了無法使用這種不正當之解析手 法,故對應1C卡100,當反覆提供相同認証用數據R時’ 拒絕1C卡1〇〇內部之密碼化運算之點。例如,上述例之情 況,在第1次之認証命令中,若提供構成「丨1111111」之 認証用數據R的話,則對應該第1次之認証命令’使用密 鑰α,進行密碼化運算,所得到之密碼數據C係當作響應 而進行返回,但在第2次以後之認証命令中’假如提供相 11 __ 本紙張尺度適用由國國家標準(CNS)A4規格(210 χ 297公釐) (請先閱讀背面之注意事項再填寫本頁) --------訂-·--------線丨▲ 589583 A7 _________B7_ __________ 五、發明說明) 同構成「11111111」之認証用數據R時,該認証命令就會 被拒絕,不使用密鑰α,進行密碼化運算。當然,正常的 響應也得不到。 若作成這種構成的話,因不能使用相同之認証用數據 R,反覆進行密碼化運算,故不易用統計手法來解析消耗 電力波形。 爲了達成這種目的,較佳係把1C卡1〇〇之構成作成第 2圖之方塊圖所示之構成。第2圖之方塊圖係表示將本發 明之1C卡100(可攜式資訊記憶媒體)連接在習知之一般讀 寫裝置200(外部裝置)之狀態。如圖示,該實施形態之1c 卡100係包含:命令接收部11〇、認証用數據寫入部120、 認証用數據記憶部130、不一致確認部140、密碼化運算部 150、密鑰記憶部160、及響應傳送部170。另一方面’讀 寫裝置200係包含:命命傳送部210、認証用數據產生部 220、響應接收部230、解碼運算部240、公鑰記憶部250、 及認証部260。當然,第2圖所圖示的只是爲了進行本發 明之認証處理,所必要之構成要素,在實際之1C卡和讀 寫裝置中,也具有用來進行本來功能(作爲1C卡及讀寫裝 置)之其他構成要素。 第2圖所示之讀寫裝置200係習知一般之讀寫裝置, 反言之,在進行本發明上,讀寫裝置係能仍舊利用習知之 裝置。認証用數據產生部220係實際上產生亂數之裝置, 此處所產生之亂數係當作認証用數據R,提供給1C卡100 側。即,當作亂數而產生之認証用數據R,係與認証命令 12 本關家標举(CNS)A4規格(210 X 297公t " (請先閱讀背面之注意事項再填寫本頁)· ^ 1 ϋ I n —ϋ ϋ I-OJϋ II ϋ I n I I I n n I n ϋ n n I 589583 A7 B7 V. Description of the invention (7) The command is transmitted to the 100C side of the 1C card at the same time. On the 1C card 100 side, corresponding to the authentication data R transmitted in this manner, the first key α is used to perform a cryptographic operation, thereby generating cryptographic data C. The cryptographic data C is obtained before the first key α is used, and the data obtained using a definition is based on the authentication data R. The 1C card 100 returns the obtained password data C to the read / write device 200 as a response to the corresponding authentication command. On the read / write device 200 side, in response to the transmitted encrypted data C, the second key / 3 is used to perform the decoding operation. Then, if the data obtained by this decoding operation is consistent with the original authentication data R, the 1C card 100 is regarded as the correct one to perform s tolerance 0. Of course, in order to perform this authentication method, The first key α and the second key / 3, and the cryptographic operation and the decoding operation must be specified in advance as specific ones. That is, the first key α and the second key / 3, and the cryptographic operation and the decoding operation must be specified in advance so that the arbitrary key R can be used to perform the cryptographic operation corresponding to any authentication data R, thereby obtaining the password Data C, and corresponding to the cipher data C, are decoded using the second key / 3, whereby the same data as the authentication data R can be obtained. In other words, the so-called first key α and second key / 3 must form a double-key relationship equivalent to the public key cryptographic key and the public key. The cryptographic operations performed on the 1C card 100 side and the read and write device 200 side The decoding operation performed must be a cryptographic operation and a decoding operation of the public key cryptographic method. Regarding the authentication data R generated by the read / write device 200, random numbers are used, so the contents of the authentication data R provided to the 1C card 100 are different every time. Therefore, the password data returned as a response from the 100C side of the 1C card 10 This paper size is applicable to the national standard (CNS) A4 specifications (210 X 297 meals) '"' (Please read the precautions on the back first (Fill in this page again) · _ ·! —— ^ 丨 丨 Order -------- line 丨 康 589583 A7 ______B7___ V. Invention Description ((^) The content of c is different every time. However, 1c card 〇0 side uses the correct key α for the range of correct cryptographic operations. 'If the read / write device 200 side uses the correct public key / 5 for correct decoding operations, the decoded data is related to The original authentication data R is the same. Therefore, the original authentication data R can be authenticated corresponding to the 1C card 100, and the key α stored in the 1C card 100 cannot be logically changed. It reads 'from the outside of the 1C card', so it seems to be able to ensure sufficient security. In fact, as described above, if statistics are used to analyze the current consumption of the 1C card, the 1C card 100 can be seen from the outside The content of the secret key α. For example, if you repeatedly The data “1” for authentication is provided to the 1C card 100 'using electrical measurement methods, and repeatedly observing the power consumption waveforms inside the 1C card 100 at this time', then some patterns can be obtained statistically. The same 'if Repeatedly 'provide the authentication data R constituting "00000000" to the 1C card 100, and using electrical measurement methods to repeatedly observe the power consumption waveform inside the 1C card 100 at this time, you can still obtain a statistically These patterns can be used to analyze these patterns, so that the content of the key α stored in the 1C card can be inferred by statistics. The feature of the present invention is that the 1C card 100 cannot be used in order to use this improper analysis method. When repeatedly providing the same authentication data R ', the point of rejecting the cryptographic operation inside the 1C card 100. For example, in the case of the above example, in the first authentication order, if the authentication for constituting "1111111" is provided If the data R is used, the cryptographic operation is performed using the key α in response to the first authentication command, and the obtained encrypted data C is returned as a response. However, in the second and subsequent authentication commands, it is false. If you provide photo 11 __ This paper size is applicable to the national standard (CNS) A4 specifications (210 x 297 mm) (Please read the precautions on the back before filling this page) -------- Order- ·- ------- line 丨 ▲ 589583 A7 _________B7_ __________ V. Description of the invention) When the authentication data R which constitutes "11111111" is the same, the authentication command will be rejected, and the key α will not be used for cryptographic operations. Of course, normal responses are not available. With such a configuration, since the same authentication data R cannot be used to repeatedly perform cryptographic operations, it is not easy to analyze the power consumption waveform by statistical methods. In order to achieve this purpose, it is preferable to make the structure of the 1C card 100 into the structure shown in the block diagram of FIG. 2. The block diagram of FIG. 2 shows a state where the 1C card 100 (portable information storage medium) of the present invention is connected to a conventional general read / write device 200 (external device). As shown in the figure, the 1c card 100 of this embodiment includes a command receiving unit 110, an authentication data writing unit 120, an authentication data memory unit 130, a nonconformance confirmation unit 140, a cryptographic operation unit 150, and a key memory unit. 160, and response transmission unit 170. On the other hand, the read / write device 200 includes a fate transmitting section 210, an authentication data generating section 220, a response receiving section 230, a decoding operation section 240, a public key storage section 250, and an authentication section 260. Of course, what is shown in FIG. 2 is only for performing the authentication process of the present invention, and the necessary constituent elements are also used in the actual 1C card and read-write device to perform the original function (as a 1C card and read-write device). ). The read-write device 200 shown in FIG. 2 is a conventional read-write device. Conversely, in carrying out the present invention, the read-write device can still use the conventional device. The authentication data generating unit 220 is a device that actually generates random numbers, and the random numbers generated here are regarded as the authentication data R, and are provided to the 1C card 100 side. That is, the authentication data R generated as a random number is in accordance with the authentication order. 12 The CNS A4 specification (210 X 297 male t " (Please read the precautions on the back before filling this page)
589583 A7 ____— _B7 ___ 五、發明說明 同時,從命令傳送部210,向命令接收部110,進行傳送。 1C卡100係可攜式資訊記憶媒體,具有,當其與這種認証 命令同時傳送來認証用數據R時,係對應該認証用數據R ,進行既定之密碼化運算,將其結果所得到之密碼數據C 當作響應來返回之功能,當作響應之密碼數據C係從響應 傳送部170,向響應接收部230,進行傳送。 在讀寫裝置200側,係對應這種返回來之密碼數據C ,進行解碼運算。即,使用公鑰Θ (儲存在公鑰記憶部250 內),在解碼運算部240,對應密碼數據C,進行解碼運算 。針對這種運算結果所得到之解碼數據,在認証部260中 ,與原來之認証用數據R(認証用數據產生部220所產生)進 行比較,當兩者一致時,進行1C卡100爲正確者之認証之 點,係如以上所述。 另一方面,在1C卡100側進行之密碼化運算之處理, 基本上,也是如以上所述。即,被命令接收部110所接收 之認証用數據R ’係提供給密碼化運算部15 0,進行密碼化 。在密鑰記憶部160中,儲存密鑰α。密碼化運算部150 係從該密鑰記憶部160,讀出密鑰α,利用該密鑰α,對 應認証用數據R,進行密碼化運算,進行求出密碼數據C 之處理。所求出之密碼數據C係從響應傳送部17〇,當作 響應來進行傳送。 但是,密碼化運算部150爲了進行這種密碼化運算, 必須得到來自不一致確認部Η0之許可。換言之,即使認 証用數據R被提供給命令接收部110,也只有從不一致確 13 本紙張尺度刺中㈣家標準(CNS)A4規格(210 X 297公发)' (請先閱讀背面之注意事項再填寫本頁)589583 A7 ____— _B7 ___ 5. Explanation of the invention At the same time, the command transmission unit 210 is transmitted to the command reception unit 110. The 1C card 100 is a portable information storage medium. When the authentication data R is transmitted at the same time as the authentication command, it performs a predetermined cryptographic operation corresponding to the authentication data R and obtains the result. The function of returning the cipher data C as a response is to transmit the cipher data C as a response from the response transmitting section 170 to the response receiving section 230. The read / write device 200 side performs a decoding operation corresponding to the returned encrypted data C. That is, the public key Θ (stored in the public key storage unit 250) is used, and the decoding operation unit 240 performs a decoding operation corresponding to the cipher data C. For the decoded data obtained from such a calculation result, the authentication unit 260 is compared with the original authentication data R (generated by the authentication data generation unit 220). When the two match, the 1C card 100 is the correct one. The point of certification is as described above. On the other hand, the processing of cryptographic operations performed on the 1C card 100 side is basically the same as described above. That is, the authentication data R 'received by the command receiving unit 110 is supplied to the cryptographic computing unit 150 to be encrypted. The key storage unit 160 stores a key α. The cryptographic operation unit 150 reads the key α from the key storage unit 160, and uses the key α to perform a cryptographic operation on the authentication data R to obtain the encrypted data C. The obtained cipher data C is transmitted from the response transmission unit 17 as a response. However, in order to perform such a cryptographic operation, the cryptographic operation unit 150 must obtain permission from the inconsistency confirmation unit Η0. In other words, even if the authentication data R is provided to the command receiving unit 110, only the 13 paper sizes will be confirmed from the inconsistency (CNS) A4 specification (210 X 297). (Please read the precautions on the back first (Fill in this page again)
589583 A7 _________B7___ 五、發明說明(u) 認部140,提供主旨之信號(針對該認証用數據R許可密碼 化運算),密碼化運算部150才能進行密碼化運算。不一致 確認部140係判定,新提供給命令接收部110之認証用數 據R,是否與過去所提供之認証用數據R —致,只在不一 致之情況,對應密碼化運算部150,提供主旨的信號(許可 密碼化運算)。在不一致確認部140中,爲了進行這種判定 ,必須事先儲存目前所提供之認証用數據R。這種儲存處 理係藉由認証用數據寫入部120及認証用數據記憶部130 來進行。認証用數據記憶部130具有記憶場所(用來儲存記 憶目前所提供之複數認証用數據R),認証用數據寫入部 120係進行將命令接收部110所接收之認証用數據R,依序 寫入到該認証用數據記憶部130之處理。 當然,當第1次使用該1C卡100時,在認証用數據記 憶部130內,尙未儲存認証用數據R,但當從命令傳送部 210,與認証命令同時傳送來認証用數據R時,係藉由認証 用數據寫入部120,將該認証用數據R寫入到認証用數據 記憶部130。不一致確認部140,係當命令接收部11〇與認 証命令同時,接收認証用數據R時,確認認証用數據R(記 憶在認証用數據記憶部130內)和新接收之認証用數據R爲 不一致,對應密碼化運算部150,提供主旨的信號(許可密 碼化運算)。密碼化運算部150係在該不一致確認部丨40 ’ 將確認不一致當作條件,使用密鑰α (記億在密鑰記億部 160內),對應新接收之認証用數據R,進行密碼化運算’ 並進行得到密碼數據C之運算。 14 __ 本纸張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) (請先閱讀背面之注意事項再填寫本頁) ··-------—訂/--------線 589583 A7 ______B7___ 五、發明說明(/1) 又,這種實施形態,認証用數據寫入部120係針對新 接收之認証用數據R,在不一致確認部140中,將確認不 一致當作條件,進行這種新接收之認証用數據R之寫入。 即,在命令接收部110中,當與認証命令同時接收新的認 証用數據R時,首先,藉由不一致確認部140,進行不一 致確認之處理,只在確認不一致之情況,藉由認証用數據 寫入部120,該認証用數據R被寫入在認証用數據記憶部 130。反言之,假如在不一致確認部140中,確認一致之情 況,該認証用數據R就不會藉由認証用數據寫入部120來 進行寫入。這種運用係具有從認証用數據記憶部130內之 數據,排除冗長性之意義。即,針對與業已記憶在認証用 數據記憶部130內之數據相同之數據,不再進行寫入。 又,實用上,1C卡100內之記憶容量係有限,當然, 認証用數據記憶部130之記憶容量也有限。因此,若1C卡 100被長期間利用,不斷插入到讀寫裝置200來接受認証 的話,認証用數據記憶部130內之空區域就會逐漸減少下 去,不久,在全體區域,成爲認証用數據R被寫入之狀態 。在這種情況下,較佳係在認証用數據記憶部130內,只 殘留最近之認証用數據R,根據舊的數據,進行重寫之處 理。例如,在認証用數據記憶部130內,具有複數n個場 所(可記憶認証用數據R)之情況,較佳係設定爲只記憶最近 η次份之認証用數據R之狀態。即,較佳係在空區域消失 前,進行將認証用數據R(成爲寫入對象)依序寫入在各記憶 場所之處理,當複數η個記憶場所業已寫入完成後,對應 15 衣纸張尺度適用中國a家標準(CNS)A4規格(210 X 297公釐) (請先閱讀背面之注意事項再填寫本頁)589583 A7 _________B7___ 5. Description of the invention (u) The identification unit 140 provides a main signal (permits cryptographic operations for the authentication data R), and the cryptographic operation unit 150 can perform cryptographic operations. The inconsistency confirmation unit 140 determines whether the authentication data R newly provided to the command receiving unit 110 is the same as the authentication data R provided in the past. Only in the case of inconsistency, it corresponds to the cryptographic operation unit 150 and provides the main signal. (Allow cryptographic operations). In order to perform such a determination, the inconsistency confirmation unit 140 must store the authentication data R currently provided. This storage processing is performed by the authentication data writing unit 120 and the authentication data storage unit 130. The authentication data storage unit 130 has a storage place (for storing and memorizing the plural authentication data R currently provided), and the authentication data writing unit 120 writes the authentication data R received by the command receiving unit 110 in order. The processing in the authentication data storage unit 130 is performed. Of course, when the 1C card 100 is used for the first time, authentication data R is not stored in the authentication data storage unit 130, but when the authentication data R is transmitted from the command transmission unit 210 at the same time as the authentication command, The authentication data writing unit 120 writes the authentication data R into the authentication data storage unit 130. The inconsistency confirmation unit 140 confirms that the authentication data R (stored in the authentication data storage unit 130) and the newly received authentication data R are inconsistent when the command receiving unit 11 receives the authentication data R simultaneously with the authentication command. Corresponding to the cryptographic operation unit 150, a main signal is provided (the cryptographic operation is permitted). The cryptographic operation unit 150 uses the key α (the key is stored in the key key storage unit 160) to encrypt the newly received authentication data R in accordance with the inconsistency confirmation unit. Operation 'and perform the operation to obtain the cipher data C. 14 __ This paper size applies to China National Standard (CNS) A4 (210 X 297 mm) (Please read the precautions on the back before filling this page) ·· -------— Order / --- ----- Line 589583 A7 ______B7___ 5. Description of the invention (/ 1) In this embodiment, the authentication data writing unit 120 is a newly received authentication data R, and the inconsistency confirmation unit 140 confirms Inconsistency is used as a condition to write such newly received authentication data R. That is, when receiving new authentication data R at the same time as the authentication command in the command receiving unit 110, first, the inconsistency confirmation unit 140 performs inconsistent confirmation processing. Only when the inconsistency is confirmed, the authentication data is used. The writing unit 120 writes the authentication data R into the authentication data storage unit 130. On the other hand, if the inconsistency confirmation unit 140 confirms the agreement, the authentication data R is not written by the authentication data writing unit 120. This operation has the meaning of eliminating redundancy from the data in the authentication data storage unit 130. That is, the same data as the data already stored in the authentication data storage unit 130 is not written. In practice, the memory capacity in the 1C card 100 is limited. Of course, the memory capacity of the authentication data storage unit 130 is also limited. Therefore, if the 1C card 100 is used for a long period of time and is continuously inserted into the reading and writing device 200 to receive authentication, the empty area in the authentication data storage unit 130 will gradually decrease. Soon, the entire area will become the authentication data R. The status being written. In this case, it is preferable that only the most recent authentication data R remain in the authentication data storage unit 130, and the rewriting process is performed based on the old data. For example, in the case where the authentication data storage unit 130 has a plurality of n locations (authentication data R can be stored), it is preferable to set the state to memorize only the authentication data R of the latest n times. That is, it is preferable to perform the process of sequentially writing the authentication data R (being the writing target) in each memory location before the empty area disappears. After a plurality of n memory locations have been written, corresponding 15 clothing papers are processed. Zhang scale is applicable to China A Standard (CNS) A4 (210 X 297 mm) (Please read the precautions on the back before filling this page)
m i im n 11 I 一 0, · ^ 11 I In ί ϋ— HI I _11 HI n in n HI 1 n an ϋ f>— m 111 m n in «ϋ ϋ ϋ HI 589583 A7 __B7__ 五、發明說明(丨5) 最舊之認証用數據R被寫入之記憶場所,進行重寫處理。 第3圖係表示這種重寫處理之一例之圖。首先,如第 3圖⑷所示,當具有記憶場所號碼1〜n所示之複數n個記 憶場所之情況,若依序提供3個認証用數據R(1)、R(2)、 R(3)的話,則這些數據係如圖示,依序被寫入到記億場所 號碼1、2、3。此處,能用指標p來表不最後之寫入場所 。其次,較佳係例如’當提供新的認証用數據R(4)之情況 ,係針對記憶場所號碼4(位於指標P所指不之最後寫入場 所之下一位置),進行寫入,將指標P進行更新。第3圖(b) 係依照這種順序進行寫入,總共η個之認証用數據R(l)〜 R(n)係表示全部被寫入之狀態。在這種狀態下,當進一步 提供下一個認証用數據R(n+1)之情形,較佳係如第3圖(c) 所示,對應最舊之認証用數據R(l)被寫入之記億場所號碼 1之位置,進行重寫。第3圖(d)係表示進一步提供新的認 証用數據R(n+2)、R(n+3)時之寫入狀態。若進行這種重寫 處理的話,則經常能儲存記憶最新之η個認証用數據。 第4圖係表示本發明之可攜式資訊記憶媒體之認証方 法步驟之流程圖。當然,當實施第4圖所示之步驟時,必 須事先準備可攜式資訊記憶媒體(1C卡1〇〇,其係具有儲存 既定之密鑰α,使用該密鑰α,進行既定密碼化運算之功 育巨)’必須事先準備用來存取在可攜式資訊記憶媒體之外部 裝置(讀寫裝置200)。 又,若把1C卡1〇〇插入到讀寫裝置2〇〇的話,首先, 在步驟S1中,在讀寫裝置200側,產生認証用數據R(亂 ----- 16 本 國家標準(CNS)A4 規1^10 χ 297 公 一 — (請先閱讀背面之注意事項再填寫本頁) --------·丨訂·------ 線 589583 A7 _ —_ B7 _ 五、發明說明(〖+) 數),其次,在步驟S2中,該認証用數據R係傳送給1C卡 100側。實際上,係如上述,與認証命令同時,將認証用 數據R提供給1C卡100側。1C卡100係在步驟S3中’若 接收該認証用數據R的話,則其次,在步驟S4中,進行 與過去η次份之認証用數據R之一致判定(當然,在認証用 數據記憶部130內,尙未儲存η次份之認証用數據R之情 況,較佳係進行與目前所儲存之認証用數據R之一致判定) 〇 此處,若完成主旨(所儲存之認証用數據R皆爲不一致 )之判定的話,則從步驟S5進行到步驟S6,進行將該新接 收之認証用數據R寫入到認証用數據記憶部130之處理。 因此,在步驟S6之認証用數據之寫入處理之前,進行步驟 S4之一致判定,只在得到不一致之判定結果之情況’進行 步驟S6之寫入處理係因爲,如以上所述,排除認証用數據 R(儲存在認証用數據記憶部130內)之冗長性之故(避免重覆 寫入相同數據之故)。其次,在步驟S7中’係對應該認証 用數據R,使用密鑰α,進行密碼化運算’所得到之密碼 數據C係在步驟S8中,當作響應來進行傳送。 讀寫裝置200係在步驟S9中,接收這種當作響應傳送 之密碼數據C,在步驟S10中,對應該密碼數據C,使用 公鑰^,進行解碼運算。又,在步驟S11中,判定解碼數 據(從該解碼運算結果而得到)和原來之認証用數據R(在步 驟S1所產生之亂數)之一致。若兩者一致的話,則從步驟 S12進行到步驟S13,變成認証成功’若兩者不一致的話, 17 尺度適用中國國家標準(CNS)A4規格(21〇 χ 297公" (請先閱讀背面之注意事項再填寫本頁) -------;丨訂----------線 589583 A7 _ —__B7__ 五、發明說明(if) 則從步驟S12進行到步驟S14,變成認証失敗。 另一方面,若得到在1C卡100側所進行之步驟S4之 一致判定之結果、及與認証用數據R(儲存在認証用數據記 憶部130內之任一個)一致之結果的話,則從步驟S5進行 到步驟S15,對應讀寫裝置200,當作響應進行錯誤之傳送 。這種情況,讀寫裝置200係在步驟S16中,因當作響應 來接收錯誤,故在下一步驟S17中,進行既定之錯誤處理 〇 若用這種步驟,對應1C卡100進行認証的話,則在步 驟S4之判定中,新提供之認証用數據R,限定在與過去η 次份之認証用數據R不一致之情況,進行步驟S7之密碼 化運算,故不易將相同認証用數據R反覆提供給1C卡100 ,反覆觀測此時之消耗電力,藉由統計手法,來實施類推 密鑰α之不正當之解析手法。 以上,係根據圖示之實施形態來說明本發明,但本發 明不被限定在這種實施形態,在其他之各種形態也能實施 。例如,在上述之實施形態中,係透過讀寫裝置,來敘述 對應1C卡100進行認証之例,但本發明也能廣泛適用在, 對應一般可攜式資訊記憶媒體,從外部裝置,來進行認証 之情況。 【發明效果】 如以上所述,若依本發明之可攜式資訊記憶媒體之認 証方法的話,則即使對應不正當之解析手法,也能確保充 分之安全。 18 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) (請先閱讀背面之注意事項再填寫本頁) -------;—訂·---------線 589583 A7 ______B7 五、發明說明(乂) 【圖式之簡單說明】 第1圖係表示把可攜式資訊記憶媒體(1C卡)100插入 到外部裝置(讀寫裝置)200中,在電氣連接兩者之狀態下, 從讀寫裝置200側,認証1C卡100側步驟之方塊圖。 第2圖係表示將本發明之可攜式資訊記憶媒體(1C卡 )100連接在外部裝置(讀寫裝置)200之狀態下,兩者構成要 素之方塊圖。 第3圖係表示第2圖所示之可攜式資訊記憶媒體(1C卡 )100內之認証用數據記憶部130之構成例及認証用數據儲 存例之圖。 第4圖係表示本發明之可攜式資訊記憶媒體之認証方 法之基本步驟之流程圖。 Γ%先閱讀背面之注意事項再填寫本頁) •——丨丨丨!訂·,--------線 【符號說明】 100 可攜式資訊記憶媒體(1C卡) 110 命令接收部 120 認証用數據寫入部 130 認証用數據記憶部 140 不一致確認部 150 密碼化運算部 160 密鏡記憶部 170 響應傳送部 200 外部裝置(讀寫裝置) 210 命令傳送部 220 認証用數據產生部 19 本纸張尺度適用中國國家標準(CNS)A4規格(210 Χ 297^7 589583 A7 ___B7 五、發明說明》 230 響應接收部 240 解碼運算部 250 公鑰記憶部 260 認証部 C 密碼數據 P 標 R 證用數據(亂數) R(l)〜R(n+3) 證用數據(亂數) a 1鑰(密鑰) β 2繪(公繪) (請先閱讀背面之注意事項再填寫本頁) 木纸張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐)mi im n 11 I one 0, · ^ 11 I In ί ϋ — HI I _11 HI n in n HI 1 n an ϋ f > — m 111 mn in «ϋ ϋ ϋ HI 589583 A7 __B7__ V. Description of the invention (丨 5 ) The memory where the oldest authentication data R is written is rewritten. Fig. 3 is a diagram showing an example of such a rewrite process. First, as shown in FIG. 3 (a), when there are a plurality of n memory locations indicated by memory location numbers 1 to n, if three authentication data R (1), R (2), R ( 3), then these data are written in order to the location number 1, 2, and 3 of the Billion Point as shown in the figure. Here, the index p can be used to indicate the last writing place. Secondly, for example, when the new authentication data R (4) is provided, it is preferably written for the memory location number 4 (located below the last writing location not indicated by the index P), and writing The index P is updated. Figure 3 (b) is written in this order, and a total of n authentication data R (l) to R (n) indicates a state where all of the authentication data R (l) to R (n) are written. In this state, when the next authentication data R (n + 1) is further provided, it is preferable to write the corresponding oldest authentication data R (l) as shown in FIG. 3 (c). The location of the location number 1 is recorded and rewritten. Fig. 3 (d) shows the writing state when new authentication data R (n + 2) and R (n + 3) are further provided. When such a rewriting process is performed, the latest n authentication data can be stored and memorized. Fig. 4 is a flowchart showing the steps of the authentication method of the portable information storage medium of the present invention. Of course, when implementing the steps shown in FIG. 4, a portable information storage medium (1C card 100) must be prepared in advance, which has a predetermined key α stored therein, and a predetermined cryptographic operation is performed using the key α. It must be prepared in advance for accessing an external device (read-write device 200) on a portable information storage medium. If a 1C card 100 is inserted into the reader / writer 200, first, in step S1, authentication data R (random ----- 16 national standards ( CNS) A4 Regulation 1 ^ 10 χ 297 Public One — (Please read the notes on the back before filling this page) -------- · 丨 Order · ------ Line 589583 A7 _ —_ B7 _ V. Explanation of the invention (〖+) number) Secondly, in step S2, the authentication data R is transmitted to the 100C side of the 1C card. Actually, as described above, the authentication data R is provided to the 1C card 100 side at the same time as the authentication command. The 1C card 100 is “if the authentication data R is received in step S3, then, in step S4, it is determined whether or not the authentication data R is equal to the previous n times (of course, in the authentication data memory 130) In the case where η copies of authentication data R are not stored, it is preferable to make a consistent determination with the currently stored authentication data R. Here, if the main purpose is completed (the stored authentication data R are all If it is not determined, the process proceeds from step S5 to step S6, and a process of writing the newly received authentication data R into the authentication data storage unit 130 is performed. Therefore, before writing the authentication data in step S6, the consistency judgment of step S4 is performed, and only when the inconsistent judgment result is obtained, 'the writing processing of step S6 is performed because, as described above, the authentication is excluded. The reason for the verbosity of the data R (stored in the authentication data storage unit 130) (to avoid rewriting the same data repeatedly). Next, in step S7, "the encrypted data C corresponding to the authentication data R and the encryption operation using the key α" is transmitted as a response in step S8. The read / write device 200 receives the cipher data C transmitted as a response in step S9, and performs a decoding operation on the cipher data C using the public key ^ in step S10. In step S11, it is determined whether the decoded data (obtained from the result of the decoding operation) and the original authentication data R (the random number generated in step S1) agree. If the two are the same, go from step S12 to step S13, and the authentication is successful. If the two are not the same, the 17 standard applies the Chinese National Standard (CNS) A4 specification (21〇χ 297 公 " (Please read the back Please fill in this page again for the matters needing attention) -------; 丨 Order ---------- line 588953 A7 _ —__ B7__ 5. Description of the invention (if), then proceed from step S12 to step S14, become On the other hand, if the result of the unanimous determination of step S4 performed on the 1C card 100 side and the result that matches the authentication data R (either of the authentication data storage unit 130) are obtained, Then, from step S5 to step S15, the corresponding read-write device 200 transmits an error as a response. In this case, the read-write device 200 receives the error as a response in step S16, so in the next step S17 In this step, a predetermined error process is performed. If this step is used to perform authentication for the 1C card 100, the newly provided authentication data R is limited to the authentication data R of the previous n times in the determination of step S4. In case of inconsistency, proceed to step S7. It is difficult to repeatedly provide the same authentication data R to the 1C card 100, and repeatedly observe the power consumption at this time, and use statistical methods to implement the improper analytical method of analogizing the key α. The above is based on the diagram. The present invention will be described in terms of embodiments, but the present invention is not limited to this embodiment, and can be implemented in various other forms. For example, in the above-mentioned embodiment, the corresponding 1C card 100 is described through a read / write device. An example of authentication is performed, but the present invention can also be widely applied to the case where authentication is performed from an external device to a general portable information storage medium. [Effects of the Invention] As described above, if the portable type according to the present invention is used, The authentication method of the information memory media can ensure sufficient security even if it corresponds to improper parsing methods. 18 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 mm) (Please read the Please fill in this page again for the matters needing attention) -------;-Order · --------- line 589583 A7 ______B7 V. Description of the invention (乂) [Simplified description of the drawings] Figure 1 is a table A block diagram of the steps for authenticating the 1C card 100 side from the read / write device 200 side when the portable information storage medium (1C card) 100 is inserted into an external device (read / write device) 200 and the two are electrically connected. Fig. 2 is a block diagram showing the constituent elements of the portable information storage medium (1C card) 100 of the present invention connected to an external device (reading and writing device) 200. Fig. 3 is a diagram showing Fig. 2 The figure shows a configuration example of an authentication data storage unit 130 in the portable information storage medium (1C card) 100 and an example of authentication data storage. Fig. 4 is a flowchart showing the basic steps of the authentication method of the portable information storage medium of the present invention. Γ% Please read the notes on the back before filling this page) • —— 丨 丨 丨! Order ,, -------- line [Symbol description] 100 Portable information storage media (1C card) 110 Command receiving part 120 Authentication data writing part 130 Authentication data storage part 140 Inconsistent confirmation part 150 Password Chemical calculation unit 160 Lens memory unit 170 Response transmission unit 200 External device (reading and writing device) 210 Command transmission unit 220 Authentication data generation unit 19 This paper size applies the Chinese National Standard (CNS) A4 specification (210 X 297 ^ 7) 589583 A7 ___B7 V. Description of the invention 230 Response receiving section 240 Decoding calculation section 250 Public key memory section 260 Authentication section C Cryptographic data P Label R Certificate data (random number) R (l) ~ R (n + 3) Certificate Data (random number) a 1 key (key) β 2 drawing (public drawing) (Please read the precautions on the back before filling this page) The paper size is applicable to China National Standard (CNS) A4 (210 X 297) %)